There are a few helpful tutorials I would recommend looking at.
1) http://realm3.com/articles/setting_up_users_groups_withacl_and_auth_in_cake_1.2.php
2) http://groups.google.com/group/cake-php/browse_thread/thread/871ff4c536bc1e00
3) http://lemoncake.wordpress.com/2007/07/19/using-authcomponent-and-acl-in-cakephp-12/
But I can answer some of your questions.
First off, T is right: you don't need login to be an allowed action, it
automatically checks to see if the url is the login action. What you
should have in the appController's beforeFilter is
$this->Auth->authorize = 'actions'; if you are using the ACL component
to manage access control. You can also set the fields in your database
here if they aren't the default 'username' and 'password'.
The problem you are having in your usersController is that you are
overriding all the code in your appController's beforeFilter; you need
to explicitly call it, like this:

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('register', 'recover');
    }

That will work and only allow register and recover actions in the
Users Controller instead of across the site.
Second you don't need to call isAuthorized() every time you handle a
request, in fact since the Auth component will check to see if it is
Authorized each time it handles a request you are really doubling its
work. If you want to check if a user is logged in you can check the
session variable to see if an authenticated user session is present,
if it is, you know the user is logged in. If you want it available
to all your pages, put it in the appController's beforeFilter. The
session key defaults to 'Auth.' . $this->userModel, so if your user
model is User, Auth.User. It can easily be changed:

    $this->Auth->sessionKey = 'my_user';

Then you add the check into the AppController's beforeFilter:

    $this->set('auth_status', $this->Session->check('my_user'));

Now all your layouts will have the $auth_status variable. Maybe there
should just be a get function in the Auth Component that returns the
_loggedIn variable, but performance-wise I don't think there is too
much of a difference.
Finally, problem three. The allow function of the Auth component only
allows actions for a particular controller, not controllers
themselves. Over in the lemoncake post, Geoff explains how to allow
controller access, which I've summarized below.
Instead of the $allowed you currently have, replace it with an array of
allowed controllers, for example pages.

    // Declared as a property of AppController so that
    // $this->publicControllers resolves in beforeFilter.
    var $publicControllers = array('pages');

Since you can't allow controllers, get rid of the
$this->Auth->allow($allowed) line, and replace it with this logic from
Geoff.

    if (in_array(low($this->params['controller']), $this->publicControllers)) {
        $this->Auth->allow();
    }

What this does is check to see if the current controller is listed in
your publicControllers variable. If it is then it allows *, or any
action to be run from that controller, making it completely public.
Hope this helps. :)
-thebrillopuff
P.S. You may also want to add a logout function to your user
controller, it's easy.

    function logout() {
        $this->redirect($this->Auth->logout());
    }

You could even add a flash to let the person know they've logged
out :) I think in the current cake 1.2 I had to change a line in the
auth component to get the redirect working. In the _setDefaults
function it was looking for logoutAction instead of logoutRedirect.
logoutRedirect is the one you want.
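
Added example, not part of the original post: the pieces described above assembled into one AppController and UsersController for CakePHP 1.2, showing the order in which the settings and the allow() calls run. The 'email' and 'passwd' column names, the '/' logout target and the flash text are assumptions.

```php
<?php
// app/app_controller.php (CakePHP 1.2, PHP 4 style class syntax)
class AppController extends Controller {
    var $components = array('Acl', 'Auth', 'Session');

    // Controllers whose every action is public. Keep this list short:
    // any action added to one of these controllers later is public too.
    var $publicControllers = array('pages');

    function beforeFilter() {
        // Let the ACL component decide access per controller action.
        $this->Auth->authorize = 'actions';
        // Only needed when the columns are not 'username'/'password';
        // 'email' and 'passwd' are assumed column names.
        $this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
        $this->Auth->sessionKey = 'my_user';
        $this->Auth->logoutRedirect = '/'; // assumed landing page

        // Exact match against the allowlist; everything else stays
        // behind the login and ACL check.
        if (in_array(low($this->params['controller']), $this->publicControllers)) {
            $this->Auth->allow(); // no arguments: every action of this controller
        }

        // Expose the login state to all views as $auth_status.
        $this->set('auth_status', $this->Session->check('my_user'));
    }
}

// app/controllers/users_controller.php (a separate file in a real app)
class UsersController extends AppController {
    var $name = 'Users';

    function beforeFilter() {
        // Run the site-wide setup first, then open only these two actions
        // (register() and recover() are assumed to exist in this controller).
        parent::beforeFilter();
        $this->Auth->allow('register', 'recover');
    }

    function logout() {
        $this->Session->setFlash('You have been logged out.');
        $this->redirect($this->Auth->logout());
    }
}
```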